<?php include 'header.php';?>

<?php
echo "<h3>Member Log in</h3>";

$error=$user=$pass="";

if(isset($_POST['user']))
{
	$user=sanitizeString($_POST['user']);
	$pass=sanitizeString($_POST['pass']);
	
	if($user==""||$pass=="")
	{
		$error="Not all fields were entered<br />";
	}
	else
	{
		$query="SELECT user,pass FROM member WHERE user='kjh' AND pass='1'";
		
		if(mysql_num_rows(mysql_query($query))==0)
		{
			$error="Username/Password invalid<br/>";
		}
		else
		{
			$_SESSION['user']=$user;
			$_SESSION['pass']=$pass;
			die("You are now logged in. Please
			<a href='model.php'>Model</a>.");
		}
	}
}

echo<<<_END
	<form method="post" action="login.php" />$error
	Username <input type='text' maxlength='20' name='user' value='$user'/><br/>
	Password <input type='text' maxlength='20' name='pass' value='$pass'/><br/>
	&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
	<input type="submit" value="Login" />
	</form>
_END;
?>